Autodesk Email System Hacked

2 pointssplittydev1y ago7 comments

I just got an email from "noreply@autodesk.com", claiming to be from "opensea.io".

The email is domain-verified (for Autodesk.com) by Google, so it seems the Autodesk email system has been compromised.

7 comments

Can confirm, I've got a DKIM passing email today asking me to sell my "Illuvium". DKIM auth result header:

> Authentication-Results: spamfilter01.heinlein-hosting.de (amavisd-new); > dkim=pass (2048-bit key) header.d=autodesk.com

For this DKIM-Signature:

> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autodesk.com; > h=from:subject:mime-version:list-unsubscribe:content-type:reply-to: > cc:content-type:from:subject:to; > s=s11; bh=...

MTA:

> Received: from ec2-3-8-140-122.eu-west-2.compute.amazonaws.com (unknown) > by geopod-ismtpd-13 (SG) with ESMTP id n5WDORJ6Taauv7FuUNA9Ug

I wonder if just their DKIM selector got stolen or someone owned their AWS accounts as well?

splittydevOP1y ago

Yeah, I checked the mail source too. Passed DKIM, SPF, DMARC etc, so the mail server is definitely compromised.

They seem to be using SendGrid. I pinged the CEO and CTO of Autodesk, the official Autodesk account and the SendGrid account on X about this, but now, more than 24h later, the attack is still ongoing and nobody seems to be giving a flying fuck about it.

hakoo1781y ago

I got a similar one from Autodesk, but it was about Magic Eden instead of OpenSea. I knew it was fake, but I still clicked the link to see how it could be on Autodesk (because the link showed an Autodesk URL). Of course, I did not connect my wallet or do anything else, I just looked at the page and then closed it. Am I in any danger?

azhsetiawan1y ago

I also got the same email an hour ago. noreply@autodesk.com with subject "New Alert!". At first I was wondered why this OpenSea type scam email didn't automatically go into the spam folder, turned out to be from a verified domain.

splittydevOP1y ago

I contacted Autodesk on X, as well as the CEO and CTO, but nobody seems to care so far.

mithr_A1y ago

I've got two emails in the last hour from them as well. (Opensea.io noreply@autodesk.com)

splittydevOP1y ago

It's ridiculous that they're not reacting to this at all.

j / k navigate · click thread line to collapse

7 comments

justusw1y ago

Can confirm, I've got a DKIM passing email today asking me to sell my "Illuvium". DKIM auth result header:

> Authentication-Results: spamfilter01.heinlein-hosting.de (amavisd-new); > dkim=pass (2048-bit key) header.d=autodesk.com

For this DKIM-Signature:

> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autodesk.com; > h=from:subject:mime-version:list-unsubscribe:content-type:reply-to: > cc:content-type:from:subject:to; > s=s11; bh=...

MTA:

> Received: from ec2-3-8-140-122.eu-west-2.compute.amazonaws.com (unknown) > by geopod-ismtpd-13 (SG) with ESMTP id n5WDORJ6Taauv7FuUNA9Ug

I wonder if just their DKIM selector got stolen or someone owned their AWS accounts as well?

splittydevOP1y ago

Yeah, I checked the mail source too. Passed DKIM, SPF, DMARC etc, so the mail server is definitely compromised.

hakoo1781y ago

azhsetiawan1y ago

splittydevOP1y ago

I contacted Autodesk on X, as well as the CEO and CTO, but nobody seems to care so far.

mithr_A1y ago

I've got two emails in the last hour from them as well. (Opensea.io noreply@autodesk.com)

splittydevOP1y ago

It's ridiculous that they're not reacting to this at all.

j / k navigate · click thread line to collapse